1. Welcome to LilyPad. Download the project, explore the forums, and create your own LilyPad network.


    If you use the software and enjoy it or have a question, or would like to contribute to the future of the software directly or through resources, please sign up and join our little community.

Proxy & Connect on Multicraft - Attack Strategy

Discussion in 'Discussion' started by boboman13, Jan 6, 2014.

  1. boboman13

    boboman13 Member Contributor

    Hello everyone. I'm trying to help out @The_Zip with his Multicraft tutorial, but we're having trouble setting it up correctly. This was his proposed setup:
    1. Put connect-linux-amd64 (or whatever the name is) into the base server directory.
    2. Create a custom script that runs /{SERVER_DIR}/connect-linux-amd64 upon startup and kills it upon stop.
    3. The console would then be hooked up from there.
    However, no host in their right mind would do this with a custom file because you could simply overwrite the file and, say, put this in there:
    Code (text):
    #!/bin/sh
    myUser="mc9999"
    echo "mynewpassword" | passwd $myUser --stdin
    For those unfamiliar with Linux, you can then run this on your home machine:
    Code (text):
    ssh mc9999@{serverip}
    Enter your password: {mynewpassword}
    And you have just gained access to the remote Linux machine via a Multicraft script.

    My proposed setup:
    1. Somehow run the connect-linux-amd64 from another directory (the server .jar directory, unwritable from clients) and then execute it from there but somehow have it run in the other {SERVER_DIR} directory. We couldn't get this one to work.
    So we came here, asking if anyone had ideas on how we could do it.
    boboman13, Jan 6, 2014
    #1
  2. AdamJonesay

    AdamJonesay New Member

    I was thinking anyone who is a Java developer could make a java executable that executed those commands into bash, then you could remotely login, but you'd have to find out the main IP address of the node that you're on, because I doubt any server host would be running SSH on ALL the IP addresses. By doing any of this you might also be violating the terms of service of your host though. Also, Multicraft makes the default shell /etc/nologin or something like that so you wouldn't be able to login and use bash. The best idea you could actually do is buy a VPS instead of trying to make it work on a crappy panel like Multicraft, because for the most part, most hosts are going to have their security locked down so that you CAN'T gain shell access. You could also get into some SERIOUS trouble for that also. By the way making a script like that doesn't make sense. The script would work much better by doing something like.
    Code (text):

    #!/bin/sh
    echo "password" | passwd `whoami` --stdin
     
    But none of that will work because the shell is locked down and you won't be able to login without modifying /etc/passwd to enable using the bash shell or sh, which is only editable by root.
    AdamJonesay, Jan 11, 2014
    #2
    • Like Like x 1

Share This Page